Answers To Objections About Joining A Union

The more members in a Union, the more effective the Union becomes. The power to achieve positive results in collective bargaining or individual disputes is directly linked to density (the percentage of members in the workplace).

Most people who haven’t joined Unions have never been asked. Recent research found that over 70 percent of non-members have never been asked to join a union.


But there are also those who have been asked and have objections. Here are some great ways to handle those most common objections:

NOTE: The staff of Union Built PC, Inc. have been members of the following Local unions and Labor organizations over the course of many decades. For the sake of this article we will be using IBEW as an example.

  • CWA Local 9503 and 1101
  • USWA Local 3844
  • IBT Local 838
  • UAW Local 889
  • IBEW Local 17
  • UWUA Local 223
  • The Greater Kansas City Labor Council
  • Michigan Labor Press
  • Midwest Labor Press Association

Objection:

“Why should I join the union when I’ll get exactly the same wages and benefits without joining?”

Possible Answers:

  • “Right, you get all that the rest of us get. But we could get so much more if we didn’t have nonmembers. Aren’t you interested in further gains? Well, these can be won only if enough of us want them and are willing to work to get them.”
  • “If every worker felt as you do, we would have no union at all to bargain for us or to represent us in grievances. The longer you remain a nonmember, the more difficult it is for the union to improve your wages and working conditions.”
  • “Here is a card. Won’t you sign it so that you too can help to make possible the improvements we are all entitled to?”
  • “If everyone belonged, the benefits would be greater and the cost would be spread among more people.”
  • “As a nonmember, you are automatically on the side of the employer against the union at the bargaining table – you are agreeing with them that the demands made by the union are not proper, and that you are not entitled to any improvement in wages or working conditions. I’m sure you want to join with us to help make improvements possible rather than be counted as one who is against better wages and working conditions.”
  • “The union needs you. Your involvement and participation will make the union more effective. By not being a member, you miss the sense of belonging, the friendship, the feeling of being fully accepted by your fellow workers.”
  • “Each person has an obligation to share equally the cost of supporting the organization that wins the benefits. It’s just downright unfair to accept benefits that others are paying for. Suppose your next door neighbors paid no taxes on a house and yet sent their children to the public schools and used the roads and other public services. Would this be fair? Of course it wouldn’t. Nor is it fair for a person to realize all the benefits of unionism and not pay a fair share of the cost of gaining these benefits.”
  • “As a nonmember, you have no vote on whether to strike; and you have no voice in contract ratification or in election of representatives.”

Objection:

“I can’t afford to join. I’ve got a family to support and my check just isn’t big enough.”

Or, “The dues are too high.”

Possible Answers:

  • “You can’t afford not to belong. It doesn’t cost to belong to the union. It pays in the form of job security, better wages, and improved benefits.”
  • “Everything of value has a price. What you should do is to compare the value of a thing with the price you have to pay for it. If we do this with the union dues, I’m sure you will agree that union dues are a sound investment.”
  • “Compare the cost with your returns on this investment. Your return each year is far greater than the annual dues. And understand, we’re just talking about wage increases here. We haven’t begun to talk about the advantages of increased job security, seniority, better working conditions, such things as this. These are all extras that you get in return for your dues investment.”
  • “Did you ever stop to think how much less money you’d be making if it were not for the union? I’m sure that neither you nor I could afford to work for this employer at what we would make without a union. If it weren’t for IBEW, our wages would be far less than they are, and we would receive no fringe benefits. You owe it to yourself as well as to us to set aside a small portion of your higher wages to help raise wages even higher in the years ahead.”
  • “You say you have a family to support. You owe it to your family, above all, to be a member of a union that ensures job security, wage increases, and fringe benefits. Your family benefits directly from all of these.”
  • If the nonmember makes a specific reference to an inability to pay bills, mention the counseling service of the union (if this is available) and how union members with financial problems are afforded help.
  • If the nonmember pleads debt problems, mention the availability of the credit union, if you have one, and how a union member can borrow money at lower interest rates than are obtainable from a bank or finance company.

Objection:

“I don’t believe in unions.”

Possible Answers:

  • Point out what unions have done historically. Describe how things were in American industry before unions. Workers were fired at the whim of management or arbitrarily at the age of 40. Describe the extremely low wages, long hours, no fringe benefits, no unemployment compensation, no social security, no workers’ compensation. Stress not only the contract gains but also the efforts of labor to enact better laws and create better communities.
  • “Unions are just associations of people banded together for mutual protection and benefit. Everyone – farmers, merchants, bankers, lawyers, utility companies – everyone joins together today to increase their effectiveness. Why not workers?”
  • “The newspapers do their best to make unions look bad, and this is understandable since employers spend a lot of money on ads. But prove things for yourself – join us, come to our meetings, and then decide whether unions are good or bad.”
  • Try to find out the specific reason behind this objection, and then try to correct the false impression the employee has.

Objection:

“I don’t need a union; the employer is fair. The employer will take care of us without a union. I get along fine with my boss. What has the union gotten for us that we wouldn’t have gotten anyway?”

Possible Answers:

  • “This is a good place to work now, and the union played a big part in making this so. But of course, this is no reason why we shouldn’t try to make it an even better place to work. Your job has been made more pleasant and secure because of the union representation afforded you on the job. Your supervisor has to treat you fairly since the contract requires that he or she do so. The employer is fair because the union is always looking over its shoulder. Even so, almost every employee at one time or another has a grievance or complaint. That’s where the union comes in.”
  • Rely on history, and point out the job security clause in the contract including the final step of arbitration. Explain about conditions of work, including low wages and poor working conditions before IBEW. You might want to call in an older worker to give a firsthand account. Discuss the history of bargaining in the specific bargaining unit. You might contrast the first offers of the employer versus the final settlement and show the difference in terms of cents per hour or dollars per year. Point out that the employer often admits that the union forces them to grant more than they would like to grant. You might want to use a prepared sheet showing union gains over the years. Also point out specific grievances the union has won (use cases that you personally are familiar with).
  • “The employer will treat you well so long as this is the profitable thing for them to do. But you’re like the rest of us. We’re merely numbers on a page. There’s no room for sentiment or humanity in this employer or any other giant firm today. The union provides protection from arbitrary and unfair treatment by the employer.”
  • “You never know when you might need the help of the union. The union has been able to get a clause in the contract that assures employees fair treatment if the need should ever arise. If too many people felt the way you feel, there would be no union and no protection for anyone.”
  • Point out that very frequently personality clashes arise between employees and supervisors. Ask: “What would you do if this should happen to you? What would you be able to do to help yourself if the employer fired or demoted or otherwise mistreated you?”
  • “Individuals may not know their rights under the law and under the contract. In today’s complex world, organizations of all sorts are necessary to achieve any important objectives. This is the reason for the union. The union has to be able to bargain from strength in order to adequately protect employees from arbitrary treatment, to get better wages, longer vacations, more adequate pensions, and so on.”
  • Point to the article in the contract which makes IBEW the sole bargaining agent. This means that the employer as well as the government recognizes that only IBEW is able to speak for all of the employees. The employees can’t by law deal directly with the employer.

Objection:

“I’m only going to be working here a short while (on a temporary or part-time job).”

Possible Answers:

  • “Even if you do leave within a few months, you are receiving all the benefits that all the rest of us pay for while you are here, and we think it only right that you pay your share while you remain on the job.”
  • “While you are with us, we want you to be one of us. We want you to fit in with the group and be an equal. You will enjoy it more and we will enjoy having you.”
  • “Whether you stay here six months or thirty years, you’ll get full benefits and full protection while you are employed.”
  • “Who knows, you might decide to stay on, or you might decide to return a year or five years from now. You know that we have a leave of absence and job return policy. You can get a withdrawal card from the union if you do decide to leave.”

Objection:

“My spouse would divorce me.”

Or, “My parents don’t like unions.”

Possible Answers:

  • Find out why the spouse or parent objects. Offer to sit down and talk things over. Offer to go home that very evening with the nonmember to discuss the matter with the relative. (House calls are very successful.)
  • “Your (husband, wife, father, etc.) lets you work and accepts your contribution to the household. They should let you do your part to make your job more pleasant and better paying. You’re the one who is working on the job. You put up with the working conditions. You get the paycheck. You know better than anyone else whether a union is good for you. Let me visit your home and discuss this matter with you and your family this very evening.”

Objection:

“The union doesn’t do anything for you (as in, grievances are not settled satisfactorily).” Or, “I don’t like the people who are running things in the union.”

Possible Answers:

  • Insist upon specifics – the specific grievance the nonmember has in mind. Check out the problem, obtain the facts, and report back to the nonmember. Concede that the union can make mistakes, but point out that many grievances have been won, again being specific.
  • “Officers and stewards do their jobs the best way they know how. If you or someone you know has not been treated fairly, tell us about it so that it can be remedied.”
  • “Your local officers and stewards work for this employer just as you and I do. They need lots of training, experience, and help from you to do the job well. Your signature on this card will give you the right and the opportunity to help in running this union better.” Point out that the members have an obligation to replace those officers and stewards who continue to do their job poorly.
  • “You are the union. You can get involved and run for office to help change the things you don’t like.”
  • Enumerate the contract benefits – choice of hours, vacations, sick benefits. Remind the nonmember that these didn’t come automatically.
  • Discuss the need to use the grievance procedure properly. Frequently some of the complaints we have about grievances occur because the proper procedure was not followed.
  • “Hundreds of grievances are settled satisfactorily. But with 100 percent membership, we could do an even better job of investigating and processing grievances.”

Objection:

“I can’t afford to strike. How can I be sure I won’t be out on strike? I don’t believe in strikes.”

Possible Answers:

  • “It’s up to the members to decide whether to strike. Of course, if you’re not a union member you will have no say whatsoever in the matter.”
  • “When unions are weak, employers force them to strike or else accept low wages or poor working conditions. But if unions are big enough to hurt the employer in a strike, management will offer more and thereby avoid a strike. In short, if workers are unified, a strike is less likely.”
  • “Strikes are very infrequent in this union.”
  • “Do you know about the union’s defense fund? If workers are forced out on strike by an impossible employer position, this fund exists to assist members in meeting their more important bills. We now have millions of dollars in the defense fund so that no one will go without or be badly hurt if we are forced to strike.”
  • “Year after year, less than one-fifth of one percent of all working time is lost by strikes. Now this is only a small fraction of the time lost through layoffs or industrial accidents or other sickness. You read in the newspaper about strikes because, of course, strikes are news. You never read in the newspapers about the hundreds and thousands of negotiations that are settled without the necessity of a strike. What I’m trying to say is that strikes are really very unusual.”

Objection:

“I can handle my own affairs. I can take care of myself. I’ll make my own decisions. I don’t intend to stay on this job forever; I’m looking for a promotion.”

Possible Answers:

  • “This may be true, but the chances are that you might need help somewhere along the way. Besides, all your fellow employees aren’t as fortunate. They need help. They need your help.”
  • “You are working in a large industry and necessarily are a cog in a very large machine. Unless you fit into this machine, you are not a desirable employee, so your future depends in large part on your ability to get along with everyone, including your fellow workers.”

Objection:

“My religion doesn’t permit me to belong to any outside organization.”

Possible Answers (and yes, this can be a sticky one):

  • “I’ve never heard of a faith that bars membership in a union. I would like to discuss this matter with you and with your pastor so that we can clear up any misunderstandings. Unions have always worked closely with churches. Our goals are similar: to help our fellow human beings.”
  • Follow through on this. Contact the pastor or minister. Verify the church’s policy and report back to the nonmember.
  • “Your religion and all other religions teach you to love your neighbor, to be responsible for your brother’s welfare. And that is what the union is designed to do. There is no conflict between the goals of unions and religions.”

Objection:

“My boss doesn’t believe in unions. I’ve seen what happens to union members.”

Possible Answers:

  • “It used to be that many supervisors didn’t like unions, but most of these have either changed their ways or have been transferred.”
  • “At one time, supervisors were virtual dictators with power to hire or fire you on the spot. Now they must live up to the contract and treat people with respect. If a supervisor can’t do this, management will get rid of them.”
  • “The law, the contract, and public policy guarantee you the right to join and engage in union activity.”

Objection:

“I don’t want anything to do with unions. They’re all corrupt.”

Possible Answers:

  • Show the nonmember a copy of IBEW’s constitution and point out how the constitution assures democratic procedures and membership control of the union.
  • Point out that membership in the union gives you a right to choose your own officers and to correct abuses.

Objection:

“I don’t know enough about IBEW or the union movement.”

Possible Answers:

  • “The officers of the local union and I will be glad to sit down with you anytime, any place, and tell you everything you might want to know about IBEW and answer any questions you might have. After you’ve learned some of the history of the union and how it operates, I’m sure you will want to become a member of IBEW.”
  • “What do you need to know about IBEW? IBEW is a large union; it is honestly run; it is efficient; and it is democratic.”

Objection:

“I’m not interested. I just don’t want to join.”

Possible Answers:

  • “You can’t afford not to be interested in the union. What happens in the union and between the union and the employer affects you; it affects all employees. Contract negotiations, grievances, etc., concern everyone in one way or another.”
  • It might be necessary to go into a general explanation of the reasons people join unions.

YOUR TURN

Have you come across these or other objections? We want to know how you handled them! Sound off on the Union Built PC Facebook Page or on our Twitter or LinkedIn feeds. And don’t forget to sign up for our monthly #UnionStrong email newsletter for articles like this delivered straight to your inbox.


2016: Year in Review

Here’s looking back at some of 2016’s biggest #UnionStrong moments. We stand with you Sisters and Brothers!

NATIONAL…

Scalia’s death ends Friedrichs threat
In a case known as Friedrichs vs. California Teachers Association, the U.S. Supreme Court was getting ready to impose so-called “right-to-work” status on all public employees in the United States — making dues strictly voluntary and thus weakening unions considerably. But the death of conservative Supreme Court Justice Antonin Scalia in February resulted in a 4-4 deadlock on the case. The threat to labor could return, however, if a similar case is filed after another anti-union justice is appointed.

Unions count Verizon strike as a win
America’s biggest strike in four years took place in April and May as 39,000 members of CWA and IBEW struck Verizon’s East Coast landline operations rather than accept contract concessions at the highly-profitable company. The strike ended after 45 days with a deal brokered by U.S. Secretary of Labor Thomas Perez on terms the union called a win, including 10.5 percent raises over four years, and protections against outsourcing of call center jobs.

Clinton loses in the electoral college
In the general election, Hillary Clinton had the support of nearly every labor union in the country, and she won nearly 3 million more votes than Donald Trump. But she lost where it mattered: The electoral college, thanks to narrow Trump wins in Michigan, Pennsylvania, and Wisconsin.

Trans-Pacific Partnership, dead at last
For the first time since NAFTA, a corporate-written trade deal died on the vine. The 12-nation Trans-Pacific Partnership (TPP) was one of Obama’s top priorities, but broad public hostility to the deal — and the defection of some Republicans over industry concerns — prevented ratification in Congress. Trump’s election sealed its fate.

IN YOUR STATE…

Top legislative win: Minimum wage
With unions prepared to put minimum wage increases on the ballot, the Oregon Legislature stepped up to do the job and put the minimum wage on track to $12.50 to $14.75 by 2022, depending on the region. That amounts to an hourly raise of $3.25 to $5.50 an hour for hundreds of thousands of Oregon workers.

Biggest ballot defeat: Measure 97
Despite $16 million in local and national union money, a proposal to raise taxes on the biggest corporations doing business in Oregon was rejected by voters. As a result, instead of new investment in schools, health care and senior services, the state of Oregon faces a budget shortfall next year, once again.

Biggest union organizing wins:

  • 886 support workers at PeaceHealth Southwest Medical Center joined AFT.
  • 793 PSU grad students joined AFT/AAUP.
  • 310 hospital technicians at PeaceHealth Southwest Medical Center joined AFT.
  • 165 workers at Boeing paint contractor Commercial Aircraft Painting Services joined IAM.
  • 80 DirecTV workers joined CWA Local 7906.
  • 61 alcohol and drug treatment workers at Volunteers of America joined AFSCME.

Biggest union organizing losses:

  • 205 workers at a Jeld-Wen door plant in Chiloquin rejected the Machinists union in a 52-137 vote.
  • 179 workers at Portland Specialty Baking rejected the Bakers union in a 38-123 vote.

Oregon Bernie vote: a mandate for bolder action by Democrats?
Hillary Clinton won among Democrats nationwide, but in Oregon, Democrats showed an appetite for a bolder kind of politics — backing a candidate who rejected Wall Street money and called for universal health care, free public college tuition, and a $15-an-hour minimum wage. In Oregon, Bernie Sanders packed arenas and outpolled Clinton by over 70,000 votes, 56 to 44 percent.

Minimum wage and sick leave
Raise the minimum wage to $13.50, and give workers the right to paid sick leave? Voters did it, approving union-backed I-1433 by 59-41 percent.

Sound gets serious transit investment
Another ballot victory was voter approval for an ambitious 25-year plan to make $54 billion worth of transit improvements in the Puget Sound region, including 62 miles of light rail and new bus and heavy rail service to King, Pierce and Snohomish counties. The project will mean union jobs, less congestion, and a cleaner environment.

Madore is no more, in Clark County
Flamboyantly anti-union Clark County Commissioner David Madore — who once pushed unsuccessfully for a local “right-to-work” ordinance — lost reelection in the August primary. In the general election, union-backed candidate Tanisha Harris lost to John Blom, but local unions were still pleased to see their nemesis go.

Berry boycott ends with union deal
A three-year union boycott against Sakuma and Driscoll berries ended in September, when Skagit Valley agri-giant Sakuma Berries agreed to allow a union election and recognize and bargain a contract with the farmworkers union.

YOUR TURN

What were some of your biggest #UnionStrong moments of 2016? Sound off on the Union Built PC Facebook Page or on our Twitter or LinkedIn feeds. And don’t forget to subscribe to our monthly #UnionStrong email newsletter for articles like this one delivered straight to your inbox.

Union Built Cloud Services

With nearly universal Internet connectivity these days, there’s no reason you shouldn’t have access to all your important documents not only via your PC, but also from your smartphone, your tablet or your laptop, anywhere you may be! The Union Built Cloud offers automatic backup of your data and a secure storage and syncing solution that protects your files and gives you seamless access to Word docs, PDFs, spreadsheets, photos and any other digital assets.

The Union Built Cloud offers:

  • Daily Automatic Data Backup and Status Reports
  • Protection from Ransomware, Malware and Viruses
  • Industry-Leading FailSafe Cloud Backup Protection
  • Reliability Monitoring by Union Built PC
  • Secure Hosting Platform
  • Unlimited Storage Customized to Your Needs
  • Guards your Union Office from Cyber Terrorism

Backup of Your Data is More Important than Ever

If you don’t yet have a service for storing and syncing your data in the cloud, you need one. With the growing threat of Cyber Terrorism, the Union Built Cloud provides a secure backup solution for all your data, keeping these sensitive files safe from Cyber Criminals and, in particular, from Ransomware, a growing Cyber Threat.


In fact, Union Built PC has been the leader in secure cloud solutions for Union Members and Union Offices since before most started worrying about cyber threats and online privacy. And we intend to stay one step ahead of such threats long into the future.

Understanding ‘The Cloud’

The ‘cloud’ is a real buzzword, but what is it and how does it impact you and your Union Office?


Union Built Cloud services refer to storing your files somewhere other than your computer’s hard drive. Having data in the cloud also refers to the ability to access those files through the Internet. Your files are encrypted before making the journey over the Internet to the Union Built Cloud and, while they live on the Union Built Cloud servers, they’re also encrypted. The service doesn’t upload entire files every time they’re updated, just the changes, saving you connection bandwidth and storage space.


The Union Built Cloud is also an automatic backup solution for your data, keeping it safe and secure so that if your personal computing systems are ever attacked, Union Built PC can easily restore all of your files in their most current state.

How Union Built PC Resolved the Cyber Terrorism Strike Against JATC Union Local 351

On July 14, 2016, Union Built PC received an email from Lou Jiacopello, Training Director of JATC 351. Lou reported that one of their workstations had become infected with Ransomware. We quickly took steps to eliminate this threat, to no avail. Union Built PC’s Director of Technical Support, Glenn Joseph, was quickly on hand to assess the problem.

Upon investigation, Glenn determined that the only backup of JATC 351’s data was 3 days old, and performing a complete restore would mean valuable data would most definitely be lost.


We were forced to advise our client that the only solution to this problem was to pay the ransom. This did not sit well with us, and there was no guarantee that after paying the ransom all the data would be restored. This was, however, the only viable option.

Ransomware attacks data files and encrypts them, denying you access. This type of cyber attack forces you to pay a fee – the ransom – in order to obtain a key code that will unencrypt the files so they are restored and you can regain access. Payment is made via bitcoin, and can get very expensive. In this case our only option, due to the nature of the data, was to pay.

Glenn supervised the job from beginning to end, and we were able to fully restore all of JATC 351’s data. The job did not end here! Union Built PC provided JATC 351 with our secure Union Built Cloud Storage Solution, which backs up all data on a daily basis. The Service also provides for client reports regarding the status of daily Backups. These reports are sent to Union Built PC and analyzed, so that we can monitor the safety of your data each day.

Union Built PC has now ensured that JATC 351 has a fully secure and reliable backup plan.


“We reached out to Union Built PC (as we have done in the past) to assist us when one of our workstations became infected with Ransomware.  Glenn Joseph (Director of Technical Support) for Union Built PC contacted us and quickly assessed the problem.  Thanks to Glenn we were able to get all of our data restored.  Pete Marchese, Director of Operations for Union Built PC, recommended their Union Built Cloud Storage Solution to provide us with a secure backup plan. It is now in place and protecting our data.  We never thought cyber terrorism would be something we’d have to worry about, but have now learned any person – any organization – can be vulnerable.  We highly recommend Union Built PC and their Cloud Services to all Locals and Training Centers in order to provide reliable and secure Cloud Backup to keep you safe from Cyber Terrorism.”

– Lou Jiacopello Training Director JATC LU 351

Download the Union Built Cloud Brochure and learn more about the cloud and how it’s now integral to everything you do.  And give us a call at (877) 728-6466 or contact us online to talk more about how we can keep your data safe and secure.

And don’t forget to Like Union Built PC on Facebook, Follow Us on Twitter and LinkedIn and subscribe to our monthly eNewsletter for Union News and articles like this one delivered straight to your inbox.

 


Ransomware: A Growing Threat to Your Union Office

Technology has made our lives both easier and more complicated – there’s no denying that.

Fast Internet access opened up a world of wisdom and all the distractions we can imagine. But the door is also open for cyber criminals with little to no scruples and a big appetite for money. And there’s no better incarnation for their wants than Ransomware.


Some of you who will read this White Paper will think:

Ransomware isn’t that big of a deal, is it? I bet the security industry is blowing things up to make money out of it.

You’re perfectly entitled to a skeptical opinion. But the facts show, without a doubt, that ransomware is the biggest cyber threat out there, for both companies and home users. Just look at this chart which shows how many ransomware families have been identified in the past years. And we’re only half way through 2016…

[Chart: history of ransomware. Image source: CERT-RO]

You should also know that ransomware families are only a starting point for tens or hundreds of variants! For example, CryptoWall, discovered in 2013, reached its fourth version in November 2015. And needless to say, there are probably many more ransomware types which cyber security researchers haven’t yet identified and named.

While you’re reading this, someone’s data is getting encrypted and someone else may be paying a hefty ransom to the attackers (usually around $500), which will further fund their malicious actions. That’s in spite of the FBI’s and security experts’ warning to never pay the ransom.

But there’s a lot you can actually do to prevent all the drama and hassle of a ransomware attack. And I plan to take you through all the protection steps you can easily put in place on your computer today, after work.

Let’s get into the details.

What Is Ransomware?

Ransomware is a type of malicious software (malware) which encrypts all the data on a PC or mobile device, locking the owner out. Once the infection takes place, the victim receives a message that provides instructions on how to pay the ransom (usually in Bitcoins). The extortion process usually involves a time limit for the payment. Paying the ransom should give the victim the decryption key, but there’s no guarantee that this will happen.

There are two types of ransomware in circulation:

1. Encrypting ransomware, which incorporates advanced encryption algorithms.
It’s designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content.
Examples include CryptoLocker, Locky, CryptoWall and more.

2. Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files.
The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer.
Examples include the police-themed ransomware or Winlocker.

Another version pertaining to this type is the Master Boot Record (MBR) ransomware. The MBR is the section of a PC’s hard drive which enables the operating system to boot up. When MBR ransomware strikes, the boot process can’t complete as usual, and prompts a ransom note to be displayed on the screen.
Examples include Satana and Petya ransomware.

However, the most widespread type of ransomware is crypto-ransomware or encrypting ransomware, which we’ll focus on here. The cyber security community agrees that this is the most prominent and worrisome cyber threat of the moment.

Ransomware has some key characteristics that set it apart from other malware:

  • It features unbreakable encryption, which means that you can’t decrypt the files on your own (there are various decryption tools released by cyber security researchers – more on that later);
  • It has the ability to encrypt all kinds of files, from documents to pictures, videos, audio files and other things you may have on your PC;
  • It can scramble your file names, so you can’t know which data was affected. This is one of the social engineering tricks used to confuse and coerce victims into paying the ransom;
  • It will add a different extension to your files, which sometimes signals a specific ransomware strain;
  • It will display an image or a message that lets you know your data has been encrypted and that you have to pay a specific sum of money to get it back;
  • It requests payment in Bitcoins, because this crypto-currency cannot be tracked by cyber security researchers or law enforcement agencies;
  • Usually, the ransom payment has a time limit, to add another level of psychological constraint to this extortion scheme. Going over the deadline typically means that the ransom will increase, but it can also mean that the data will be destroyed and lost forever;
  • It uses a complex set of evasion techniques to go undetected by traditional antivirus (more on this in the “Why ransomware often goes undetected by antivirus” section);
  • It often recruits the infected PCs into botnets, so cyber criminals can expand their infrastructure and fuel future attacks;
  • It can spread to other PCs connected in a local network, creating further damage;
  • It frequently features data exfiltration capabilities, which means that ransomware can extract data from the affected computer (usernames, passwords, email addresses, etc.) and send it to a server controlled by cyber criminals;
  • It sometimes includes geographical targeting, meaning the ransom note is translated into the victim’s language, to increase the chances for the ransom to be paid.

The inventory of things that ransomware can do keeps growing every day, with each new security alert broadcast by our team or other malware researchers.

As ransomware families and variants multiply, you need to understand that you need at least baseline protection and data backup solutions to avoid data loss and other troubles.

Encrypting ransomware is a complex and advanced cyber threat which uses all the tricks available because it makes cyber criminals a huge amount of money. We’re talking millions!

If you’re curious how it all started, it’s worth reviewing a quick history of ransomware.

A Quick History of Ransomware

It may be difficult to imagine, but the first ransomware in history emerged in 1989 (that’s 27 years ago). It was called the AIDS Trojan, whose modus operandi seems crude nowadays. It spread via floppy disks and involved sending $189 to a post office box in Panama to pay the ransom.

As cyber criminals moved from cyber vandalism to cyber crime as a business, ransomware emerged as the go-to malware to feed the money-making machine.

The advent of Bitcoin and the evolution of encryption algorithms made the context ripe for ransomware development too.

Keep in mind 3 things, so you can get a sense of how big the issue really is:

1. There are numerous variants for each type (for example, CryptoWall is on its 4th version);

2. No one can map all the existing ransomware out there (because most ransomware attacks go unreported);

3. New ransomware is coming out in volumes at an ever-increasing pace.

[Figure: ransomware types. Source: Evolution of ransomware by Symantec]

As you can see for yourself, things escalated quickly and the trend continues to grow.

Top Targets for Ransomware Creators and Distributors

Cyber criminals are not just malicious hackers who want public recognition and are driven by their quest for cyber mischief. They’re business-oriented and seek to cash out on their efforts. That’s why, after testing ransomware on home users and evaluating the impact, they moved onto bigger targets: police departments, city councils, even schools and, worse, hospitals!

Clearly, ethics or morality have no weight in today’s money-hungry cyber crime business. “There is honor among thieves” was tossed out the window a long time ago. That leaves us to dig out the reasons why online criminals choose to target various types of Internet users. This may help you better understand why things happen as they do right now.

Why ransomware creators and distributors target home users:

  • Because they don’t have data backups;
  • Because they have little or no cyber security education, which means they’ll click on almost anything;
  • Because the same lack of online safety awareness makes them prone to manipulation by cyber attackers;
  • Because they lack even baseline cyber protection;
  • Because they don’t keep their software up to date (even if specialists always nag them to);
  • Because they fail to invest in need-to-have cyber security solutions;
  • Because they often rely on luck to keep them safe online (I can’t tell you how many times I’ve heard “it can’t happen to me”);
  • Because most home users still rely exclusively on antivirus to protect them from all threats, which is frequently ineffective in spotting and stopping ransomware;
  • Because of the sheer volume of Internet users that can become potential victims (more infected PCs = more money).

Why ransomware creators and distributors target businesses:

  • Because that’s where the money is!
  • Because attackers know that ransomware can cause major business disruptions, which will increase their chances of getting paid;
  • Because computer systems in companies are often complex and prone to vulnerabilities that can be exploited through technical means;
  • Because the human factor is still a huge liability which can also be exploited, but through social engineering tactics;
  • Because cyber criminals know that businesses would rather not report ransomware attacks for fear of legal or reputation-related consequences;
  • Because small businesses are often unprepared to deal with advanced cyber attacks (which ransomware is) and have a lax BYOD (bring your own device) policy.

Why ransomware creators and distributors target public institutions:

  • Because public institutions, such as government agencies, manage huge databases of personal and confidential information that cyber criminals can sell;
  • Because these institutions ofttimes lack appropriate cyber defenses that can protect them against ransomware;
  • Because the staff is not trained to spot and avoid cyber attacks (ransomware often leverages the human factor weakness to trigger the infection);
  • Because public institutions often use outdated software and equipment, which means that their computer systems are packed with security holes just begging to be exploited;
  • Because ransomware has a big impact on conducting usual activities, causing huge disruptions;
  • Because successfully attacking public institutions feeds the cyber criminals’ egos (they may want money above all else, but they won’t hesitate to reinforce their position in the community by attacking a high-profile target).

In terms of platforms and devices, ransomware doesn’t discriminate either. We have tailor-made ransomware solutions for your data, but more on that in the “The Best Protection is always Backup” section.

When it comes to servers, the attack is downright vicious:

  • Some groups do this by infiltrating the target server and patching the software so that the stored data is in an encrypted format where only the cybercriminals have the key to decrypt the data.
  • The premise of this attack is to silently encrypt all data held on a critical server, along with all of the backups of the data.
  • This process may take some time, depending on the organization, so it requires patience for the cybercriminals to carry it out successfully.
  • Once a suitable number of backups are encrypted, the cybercriminals remove the decryption key and then make their ransom demands known, which could be in the order of tens of thousands of dollars.

This prompted the FBI and many other institutions and security vendors in the industry to urge users, companies and other decision-makers to prepare against this threat and set up strong cyber protection layers.

Attacks on critical infrastructure (electricity, water, etc.) could be next, and even the thought of that can make anyone shudder.

How Do Ransomware Threats Spread?

Ransomware, like any other advanced piece of financial or data-stealing malware, spreads by any available means.

Cyber criminals simply look for the easiest way to infect a system or network and use that backdoor to spread the malicious content.

Nevertheless, these are the most common methods used by cybercriminals to spread ransomware:

  • Spam email campaigns that contain malicious links or attachments;
  • Security exploits in vulnerable software;
  • Internet traffic redirects to malicious websites;
  • Legitimate websites that have malicious code injected in their web pages;
  • Drive-by downloads;
  • Malvertising campaigns;
  • SMS messages (which apply to ransomware that targets mobile devices);
  • Botnets;
  • Self-propagation (spreading from one infected computer to another);
  • Affiliate schemes in ransomware-as-a-service (earning a share of the profits by helping further spread ransomware).

Crypto-ransomware attacks employ a subtle mix of technology and psychological manipulation (also known as social engineering).

These attacks get more refined by the day, as cyber criminals learn from their mistakes and tweak their malicious code to be stronger, more intrusive and better suited to avoid cyber security solutions.  That’s why each new ransomware variant is a bit different from its forerunner. Malware creators incorporate new evasion tactics and pack their “product” with piercing exploit kits, pre-coded software vulnerabilities to target and more.

For example, here’s how online criminals find vulnerable websites, inject malicious JavaScript code in them and use this trigger to redirect potential victims to infected websites.

[Diagram: vulnerable websites]

Which gets us to the next important answer in our common quest to understand ransomware attacks…

How Do Ransomware Infections Happen?

Though the infection phase is slightly different for each ransomware version, the key stages are the following:

1. Initially, the victim receives an email which includes a malicious link or a malware-laden attachment.

Alternatively, the infection can originate from a malicious website that delivers a security exploit to create a backdoor on the victim’s PC by using vulnerable software on the system.

2. If the victim clicks on the link or downloads and opens the attachment, a downloader (payload) will be placed on the affected PC.

3. The downloader uses a list of domains or C&C servers controlled by cyber criminals to download the ransomware program on the system.

4. The contacted C&C server responds by sending back the requested data, in our case, the ransomware.

5. The ransomware starts to encrypt the entire hard disk content, personal files and sensitive information. Everything, including data stored in cloud accounts (Google Drive, Dropbox) synced on the PC. It can also encrypt data on other computers connected in the local network.

6. A warning pops up on the screen with instructions on how to pay for the decryption key.

Everything happens in just a few seconds, so victims are completely dumbstruck as they stare at the ransom note in disbelief. Most of them feel betrayed, because they can’t seem to understand one thing: “But I have antivirus! Why didn’t it protect me from this?”

Why Ransomware Often Goes Undetected by Antivirus

We’ve mentioned the evasion tactics that ransomware uses more than once. This collection of technical methods ensures that crypto-ransomware infections can stay below the radar and:

  • Not get picked up by antivirus products
  • Not get discovered by cyber security researchers
  • Not get observed by law enforcement agencies and their own malware researchers.

The rationale is simple: the longer a malware infection can persist on a compromised PC, the more data it can extract and the more damage it can do.

So here are just a few of the tactics that ransomware employs to remain covert and maintain the anonymity of its makers and distributors:

1. Communication with Command & Control servers is encrypted and difficult to detect in network traffic;

2. It features built-in traffic anonymizers, like TOR and Bitcoin, to avoid tracking by law enforcement agencies and to receive ransom payments;

3. It uses anti-sandboxing mechanisms so that antivirus won’t pick it up;

4. It employs domain shadowing to conceal exploits and hide the communication between the downloader (payload) and the servers controlled by cyber criminals (where the ransomware is stored);

5. It features Fast Flux, another technique used to keep the source of the infection anonymous;

6. It deploys encrypted payloads which can make it more difficult for antivirus to see that they include malware, so the infection has more time to unfold;

7. It has polymorphic behavior that endows the ransomware with the ability to mutate enough to create a new variant, but not so much as to alter the malware’s function;

8. It has the ability to remain dormant – the ransomware can remain inactive on the system until the computer is at its most vulnerable moment and take advantage of that to strike fast and effectively.

The Most Notorious Ransomware Families

By now you know that there’s plenty of ransomware out there. With names such as CryptXXX, Troldesh or Chimera, these strains sound like the stuff hacker movies are made of.  So while newcomers may want to get a share of the cash, there are some ransomware families that have established their domination.

If you find any similarities between this context and how the mafia conducts its business, well, it’s because they resemble each other in some aspects.

Reveton

In 2012, the major ransomware strand known as Reveton started to spread. It was based on the Citadel trojan, which was, in turn, part of the Zeus family. This type of ransomware has become known to display a warning from law enforcement agencies, which made people name it “police trojan” or “police virus”. This was a type of locker ransomware, not an encrypting one.

Once the warning appears, the victim is informed that the computer has been used for illegal activities, such as torrent downloads or for watching porn.

The graphic display reinforced the idea that everything is real. Elements like the computer IP address, the logo from the law enforcement organization in that specific country or the localized content all created the general illusion that everything is actually happening.

CryptoLocker

In June 2014, Deputy Attorney General James Cole, from the US Department of Justice, declared that a large joint operation between law agencies and security companies employed traditional law enforcement techniques and cutting edge technical measures necessary to combat highly sophisticated cyber schemes targeting our citizens and businesses.

He was talking about Operation Tovar, one of the biggest take-downs in the history of cyber security.  Operation Tovar aimed to take down the Gameover ZeuS botnet, which authorities also suspected of spreading financial malware and CryptoLocker ransomware.

We’ve found the biggest trouble with CryptoLocker is not so much in removing the malware — that process appears to be surprisingly trivial in most cases. The real bummer is that all of your important files — pictures, documents, movies, MP3s — will remain scrambled with virtually unbreakable encryption.

CryptoLocker infections peaked in October 2013, when it was infecting around 150,000 computers a month!

CryptoWall

CryptoWall is such a variant and it has already reached its third version, CryptoWall 4.0. This number alone shows how fast this malware is being improved and used in online attacks!

In 2015, even the FBI agreed that ransomware is here to stay. This time, it wouldn’t stop at home computers, but would spread to infect businesses, financial institutions, government agencies, academic institutions, and other organizations… resulting in the loss of sensitive or proprietary information.

Since then, this prediction has become reality and now we understand the severity and impact of the crypto-ransomware phenomenon. In a similar manner to CryptoLocker, CryptoWall spreads through various infection vectors, including browser exploit kits, drive-by downloads and malicious email attachments.

CTB Locker

CTB Locker is one of the latest ransomware variants of CryptoLocker, but at a totally different level of sophistication.

Let’s take a quick look at its name: what do you think CTB stands for?

  • C comes from Curve, which refers to its persistent Elliptic Curve Cryptography that encodes the affected files with a unique RSA key;
  • T comes from TOR, because it uses the famous P2P network to hide the cybercriminals’ activity from law enforcement agencies;
  • B comes from Bitcoin, the payment method used by victims to pay the ransom, also designed to hide the attackers’ location.

What’s also specific to CTB-Locker is that it includes multi-lingual capabilities, so attackers can use it to adapt their messaging to specific geographical areas. The more people can understand what happened to their data, the bigger the payday.

CTB-Locker was one of the first ransomware strains to be sold as a service in the underground forums. Since then, this has become almost the norm. Now, potential cyber criminals don’t really need strong technical skills, as they can purchase ready-made malware which even includes a dashboard where they can track their successful infections and return on investment.

The malware creators’ ad actually offers “support services” helping guide the victim on how to pay the ransom!  This “support” offers:

  • instructions on how to install the Bitcoin payment on the server;
  • how to adjust the ransomware settings in order to target the selected victims;
  • details such as the requested price and the localized language that should be used;
  • recommendations on the price that you can set for the decryption key.

TorrentLocker

This file-encrypting ransomware emerged in early 2014 and its makers often tried to refer to it as CryptoLocker, in order to piggyback on its awareness.

Since then, TorrentLocker relied almost entirely on spam emails for distribution. In order to increase effectiveness, both the emails and the ransom note were targeted geographically. Attackers noticed that attention to detail meant that they could trick more users into opening emails and clicking on malicious links, so they took it a step further. They used good grammar in their texts, which made their traps seem authentic to the unsuspecting victims.

TorrentLocker creators proved that they were attentively looking at what’s going on with their targeted “audience” when they corrected a flaw in their encryption mechanism. Until that point, a decryption tool created by a malware researcher had worked.

But soon TorrentLocker released a new variant which featured stronger encryption and narrowed the chances for breaking it to zero.  Its abilities to harvest email addresses from the infected PC are also noteworthy. Naturally, these emails were used in subsequent spam campaigns to further distribute the ransomware.

TeslaCrypt

When it first emerged, TeslaCrypt focused on a specific audience: gamers. Not all of them, but actually a segment that played a series of specific games, including Call of Duty, World of Warcraft, Minecraft and World of Tanks.

By exploiting vulnerabilities mainly in Adobe Flash (a serial culprit for ransomware infections), TeslaCrypt moved on to bigger targets, such as European companies.

Cyber security experts managed to find flaws in TeslaCrypt’s encryption algorithm twice. They created decryption tools and did their best so that the malware creators wouldn’t find out.  But, as you can guess, TeslaCrypt makers corrected the flaws and released new versions that featured stronger encryption and enhanced data leakage capabilities.

To everyone’s surprise, TeslaCrypt shut down.  The cyber criminals even apologized.

Researchers managed to get the universal master decryption key from them and built a decryptor that you can use if you happen to be a victim of TeslaCrypt ransomware.

No one knows why the guys behind TeslaCrypt quit, but we can only hope to see more of that in the cyber crime scene.

Locky

One of the newest and most daring ransomware families to date is definitely Locky.

First spotted in February 2016, the Locky ransomware strain made its entrance with a bang by extorting a hospital in Hollywood for about $17,000.

Locky has a rampant distribution across the world. Here is the geographical distribution of this ransomware family in April 2016:

[Map: geographical distribution of Locky, April 2016. Source: Securelist analysis]

As you’ve seen, things never stop changing in cyber crime, so Locky’s descendant, Zepto, made its debut in early July 2016.

So… What Will Come Next?

Although we can’t guess future ransomware names, there is one trend that cyber criminals seem to be pursuing: attacks that are more targeted, more carefully prepared and which require a smaller infrastructure to be deployed.

And now we’ve arrived at the best part… where you can learn what to do to stay protected against appalling ransomware attacks.

Take Union Built PC’s Anti-Ransomware Pledge

This is a promise that Union Built PC wants you to make to yourself: you will take the threat of ransomware seriously and do something about it before it hits your data.

How we wish we could say that ransomware is not a life and death kind of situation!  But if you work in a hospital and you trigger a crypto-ransomware infection, it could actually endanger lives.

Having a plan to deal with threats to your security will help you see the bigger picture without overlooking important details. We’ve organized a list of protection tips according to four categories:

  • Locally, on the PC
  • In the browser
  • Online behavior
  • Anti-ransomware security tools.

So here’s what we want you to promise us:

Locally, on the PC

1. Don’t store important data only on my PC.

Storing irreplaceable data like academic papers, work documents and cherished photos only on your PC makes you vulnerable. If something happens to that device (ransomware, physical damage, theft, etc.), it’ll all be gone. Which brings us to the next step.

2. Keep at least 2 backups of your data.

Keep a copy of your data on an external hard drive and one in the cloud. Make sure you update your data often, so you don’t lose progress. And check that your backups are intact and can be restored if you need to.

3. Don’t leave Dropbox/Google Drive/OneDrive/etc. turned on by default.

Open these apps once a day, sync your data and close them once it’s done. There are types of ransomware that can encrypt everything on your drive, including the data in your cloud accounts, if the cloud apps are running on your PC. That could destroy a data backup, which is why you have to be extra-careful and keep multiple backups.
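
One way to act on the “check that your backups are intact” advice in tip 2, and to notice the damaged synced copy described in tip 3, is to compare the backup with a list of file hashes taken from the originals. This is an added example, not part of the original article or of any Union Built PC tool; the function names, the `.locked` extension and the sample files are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (by relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        path.relative_to(root).as_posix(): sha256_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def verify_backup(manifest, backup_root, alarm_ratio=0.2):
    """Compare a backup with a known-good manifest taken from the originals.

    Keep the manifest somewhere the PC cannot write to (for example on the
    disconnected external drive), otherwise malware could alter it too.
    """
    current = build_manifest(backup_root)
    missing = sorted(set(manifest) - set(current))
    unexpected = sorted(set(current) - set(manifest))
    modified = sorted(name for name in manifest
                      if name in current and manifest[name] != current[name])

    # Ransomware often appends its own extension ("report.docx" becomes
    # "report.docx.<something>"), so pair missing names with such leftovers.
    renamed = sorted((old, new) for old in missing for new in unexpected
                     if new.startswith(old + "."))

    damaged = len(missing) + len(modified)
    ratio = damaged / len(manifest) if manifest else 0.0
    return {
        "missing": missing,
        "modified": modified,
        "unexpected": unexpected,
        "renamed_with_new_extension": renamed,
        "damaged_ratio": round(ratio, 2),
        # Restorable only if every listed file is present and unchanged.
        "restorable": damaged == 0,
        # Many files damaged at once points to mass encryption, not an edit.
        "suspect_mass_encryption": ratio >= alarm_ratio,
    }


def demo():
    """Run the check on a constructed sample tree and return both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        originals, backup = Path(tmp, "originals"), Path(tmp, "backup")
        (originals / "photos").mkdir(parents=True)
        # Constructed sample files, not real data.
        (originals / "minutes.docx").write_bytes(b"Local meeting minutes\n" * 50)
        (originals / "dues.xlsx").write_bytes(b"member,amount\n" * 50)
        (originals / "photos" / "picnic.jpg").write_bytes(b"\xff\xd8 sample image")
        (originals / "roster.csv").write_bytes(b"name,local\n" * 50)
        (originals / "notes.txt").write_bytes(b"call the hall on Monday\n")

        manifest = build_manifest(originals)
        shutil.copytree(originals, backup)
        clean = verify_backup(manifest, backup)

        # Simulate a synced copy after an infection: one file overwritten in
        # place, one renamed with an extra (constructed) extension.
        (backup / "dues.xlsx").write_bytes(os.urandom(700))
        (backup / "minutes.docx").rename(backup / "minutes.docx.locked")
        damaged = verify_backup(manifest, backup)
        return clean, damaged


if __name__ == "__main__":
    for label, report in zip(("clean backup", "damaged backup"), demo()):
        print(label, report)
```

A report with `restorable` set to `False` means that copy should not be relied on, and the other backup should be checked before anything is synced again.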

4. Keep your operating system and the software you use up to date.

The latest security updates are especially important. If you apply the latest updates, you’ll also get security patches that solve a lot of vulnerabilities. That’s why cyber security specialists always insist on patching.

5. For daily use, don’t use the administrator account on your computer.

Instead, use a guest account with limited privileges. If you use a guest account, you can limit the damage if you’re hit with ransomware or another type of malware.

6. Turn off macros and ActiveX in the Microsoft Office suite – Word, Excel, PowerPoint, etc.

These are bits of software that cyber criminals often use to spread malware and infect computers. Infected documents are heavily used in cyber attacks, because they’re able to hide their malicious intent. If they look useful or safe, victims are more inclined to open them.

7. Always verify file extensions before clicking on them.

Cyber criminals are very deft at camouflaging files to make them look harmless. The purpose is to get you to click on them and launch a malware infection that will take over your computer. Modify your Windows settings to show file name extensions, so you’ll know to avoid shady formats, like .jpeg.exe (which aren’t pictures, but malicious executable files).

Here’s how to show or hide file name extensions:

Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.

Click the View tab, and then, under Advanced settings, do one of the following:

  • To show file name extensions, clear the Hide extensions for known file types check box, and then click OK.
  • To hide file name extensions, select the Hide extensions for known file types check box, and then click OK.

Source: Microsoft
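
The extension check from tip 7 can also be automated, for example over a Downloads folder or a list of attachment names. This is an added example, not part of the original article; the extension lists and sample names are assumptions and are not exhaustive, and the check goes slightly beyond the .jpeg.exe case to cover padding spaces and invisible formatting characters.

```python
import os
import unicodedata

# Extensions that Windows executes or interprets on double-click (not exhaustive).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".cpl",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".ps1", ".jar",
}
# Harmless-looking extensions commonly shown as the visible decoy.
DECOY_EXTENSIONS = {
    ".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc", ".docx",
    ".xls", ".xlsx", ".ppt", ".pptx", ".mp3", ".mp4", ".zip",
}


def inspect_filename(name):
    """Return the reasons a file name looks camouflaged (empty list if none)."""
    reasons = []

    # Invisible "format" characters (Unicode category Cf) can change how a
    # name is drawn on screen; they do not belong in a normal file name.
    visible = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    if visible != name:
        reasons.append("invisible formatting character")

    # Windows ignores trailing dots and spaces, so drop them before parsing.
    cleaned = visible.rstrip(". ")
    stem, dot, last = cleaned.rpartition(".")
    if not dot or not stem:
        return reasons  # no extension at all
    real_ext = "." + last.strip().lower()
    if real_ext not in EXECUTABLE_EXTENSIONS:
        return reasons

    # The dotted piece just before the real extension, e.g. "jpeg" in
    # "holiday.jpeg.exe", is what the eye takes for the file type.
    _head, inner_dot, previous = stem.rpartition(".")
    shown_ext = "." + previous.strip().lower()
    if inner_dot and shown_ext in DECOY_EXTENSIONS:
        reasons.append(f"double extension: shown as {shown_ext}, runs as {real_ext}")

    # A long run of spaces pushes the real extension out of the visible column.
    if "   " in stem or stem != stem.rstrip():
        reasons.append("spaces pad the real extension out of view")
    return reasons


def scan_folder(folder):
    """Walk a folder (for example Downloads) and report every suspicious name."""
    findings = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            reasons = inspect_filename(name)
            if reasons:
                findings[os.path.join(root, name)] = reasons
    return findings


# Constructed sample names, not taken from a real incident.
SAMPLE_NAMES = [
    "holiday.jpeg.exe",
    "invoice.pdf            .scr",
    "statement.xlsx.js. ",
    "scan\u202egpj.exe",      # contains a direction-override character
    "meeting-notes.docx",
    "archive.tar.gz",
    "setup.exe",              # honest about being a program, so not flagged
]


def check_samples():
    """Inspect the constructed sample names and return name -> reasons."""
    return {name: inspect_filename(name) for name in SAMPLE_NAMES}


if __name__ == "__main__":
    for sample, why in check_samples().items():
        print(repr(sample), "->", why or "looks consistent")
```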

8. Turn off AutoPlay on your PC.

AutoPlay is a Windows feature that allows you to instantly open digital media (USB sticks, CDs, digital cameras) with a designated application. Malware can use this option to gain access to your computer and start running automatically, so it’s best to keep this option turned off.

How to turn off AutoPlay:

When you turn AutoPlay on, you can choose what should happen when you insert different types of digital media into your computer. For example, you can choose which digital media player is used to play CDs. When AutoPlay is turned off, you are prompted to choose what you want to do when you insert digital media into your computer.

Open AutoPlay by clicking the Start button, and then clicking Control Panel. In the search box, type autoplay, and then click AutoPlay.

  • To turn AutoPlay on, select the Use AutoPlay for all media and devices check box.
  • To turn AutoPlay off, clear the Use AutoPlay for all media and devices check box.

Click Save.

Source: Microsoft

9. Don’t keep wireless and Bluetooth on unless you’re actively using them.

Unsecured connections can cost you dearly, so make sure you turn off your wireless and Bluetooth connectivity if you don’t use them. Cyber criminals can use both these connections to attack and compromise your devices. This rule is useful for all your devices, not just for your PC.

10. Don’t keep multiple computers in your home connected to one another in a local network.

Ransomware is highly sophisticated and capable of spreading to other computers connected in a local network. If a computer is infected, but not connected to the others, the infection won’t spread.

11. Never plug in USB sticks whose origin you’re unsure of.

Not even if you scan it with your antivirus, since antivirus may not detect ransomware attacks properly sometimes. Only plug in USB sticks whose origin you’re sure of and whose contents you know.

12. Disable Windows PowerShell if you don’t use it.

Here’s a quick explanation to help you understand what Windows PowerShell is:

While many casual users know about the Command Prompt, few have heard about Windows PowerShell. PowerShell is a tool that’s much more powerful than the Command Prompt. In a way, it’s also intended to replace the Command Prompt, as it delivers more power and control over the Windows operating system.

Source: Digital Citizen

So if you don’t use PowerShell for your tasks, just disable it. There are many types of malware, ransomware included, that abuse PowerShell and use it to plant and execute malware deep in victims’ devices.

Here are the instructions to disable Windows PowerShell, which work for Windows 7, 8, 8.1 and Windows 10.

In Your Browser

1. Remove the following plugins from your browsers:
Adobe Flash, Adobe Reader, Java and Silverlight.

If you absolutely have to use them, set the browser to ask you if you want to activate these plugins when needed. These four plugins are notorious for being exploited in cyber attacks, as you can see from the statistics below.

[Chart: top exploited software in Q1 2016]

2. Adjust your browsers’ security and privacy settings for increased protection.

There’s a lot you can do to make your browsers more secure. They’re the type of settings that take a few short minutes to do, and make a huge difference.

As you just saw, browsers are the main exploitation targets for cyber criminals and it’s the same with ransomware. This guide to secure browsing will take you through all the steps you need to follow and help you close off potential backdoors that could compromise your system.

3. Remove outdated plugins and add-ons from your browsers.

Only keep the ones you use on a daily basis, and keep them updated to the latest version. Old add-ons and plugins can go rogue without you even realizing it. Spring or not, a computer clean-up is always welcome!

4. Use an ad blocker to avoid the threat of potentially malicious ads.

Malvertising is a very serious threat. And attackers often use malvertising campaigns to spread ransomware to unsuspecting victims. A way to protect yourself from this threat is to use an ad blocker.

If you’ve never heard about ad blockers before, here’s the short version: they’re browser extensions / apps you install to block online ads. No pop-ups, overlay ads, search ads or even pre-roll ads in videos. While blocking annoying ads is the most boasted benefit of ad blockers, they have another advantage as well: they can help you eliminate the threat of malvertising.

Online behavior

1. Never, EVER open spam emails or emails from unknown senders.

If you don’t know who it came from, delete it or send it straight to spam. If you’re unsure whether you should open it, contact the sender directly and verify the information. Spam emails are the most used tactic for spreading ransomware, as we’ve seen in numerous campaigns.

2. Never, EVER download attachments from spam emails or suspicious emails.

This is the most used form of infecting computers with encrypting malware. The victim downloads and opens a malicious attachment and then all hell breaks loose.

3. Never, EVER click links in spam emails or suspicious emails.

The same goes for links in these emails used in ransomware attacks. Just don’t click them. And if you’re unsure of a link, there are a lot of tools you can use to verify if a link is safe or not. But don’t rely on those verifications alone. It’s better to be safe than sorry.

4. Stay away from clicking strange links on social media, links received via Skype or other instant messaging services (WhatsApp, Viber, etc.). They can damage your data and your device.

5. Learn to identify emails that pretend to come from trusted companies.

Cyber attackers often impersonate big companies to trick people into opening malicious emails, clicking infected links and downloading malware-laden attachments. Because people trust brands like telecom companies, Internet service providers, the local post office, etc., they tend to click on links and download and open attachments without thinking they may be dangerous.

That’s why we urge you to verify every email you get from companies you work with. It’s better to set up online accounts with them, if they provide the option, than to risk getting infected with malware. Be cautious at all times!
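A mail administrator can automate part of this verification. The Python below is an added example, not part of the original article: it flags three header-level signs that a message is impersonating a trusted company. The brand list, domains and both sample messages are constructed, and it assumes the receiving mail server records an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list (assumption): brand keyword -> domains it really sends from.
TRUSTED_BRANDS = {
    "example telecom": {"telecom.example"},
    "example post": {"post.example"},
}

# Constructed sample messages, not real mail.
SPOOFED = """\
From: "Example Telecom Billing" <billing@telecom-billing.test>
Reply-To: support@collect-pay.test
Authentication-Results: mx.mailhost.example; spf=fail; dmarc=fail

Open the attached invoice.
"""
GENUINE = """\
From: "Example Telecom" <noreply@mail.telecom.example>
Authentication-Results: mx.mailhost.example; spf=pass; dmarc=pass

Your statement is available in your online account.
"""

def _domain(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def _is_under(domain, allowed):
    """True if domain equals, or is a subdomain of, one of the allowed domains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def impersonation_signals(raw_message, brands=TRUSTED_BRANDS):
    """Return the reasons a message looks like brand impersonation (empty if none)."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = _domain(msg.get("From"))
    signals = []
    for brand, allowed in brands.items():
        if brand in display.lower() and not _is_under(from_domain, allowed):
            signals.append(f"display name claims '{brand}' but sender is {from_domain}")
    reply_domain = _domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        signals.append(f"Reply-To {reply_domain} differs from From {from_domain}")
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    if not re.search(r"\bdmarc=pass\b", auth, re.I):
        signals.append("no dmarc=pass recorded by the receiving server")
    return signals

if __name__ == "__main__":
    print(impersonation_signals(SPOOFED), impersonation_signals(GENUINE))
```

An empty list does not prove a message is safe; it only means none of these three checks fired.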

Anti-ransomware security tools

1. Use a reliable, paid antivirus product.

Make sure that the antivirus includes an automatic update module and a real-time scanner. Keep it updated and remember that a free antivirus will never provide the same level of protection as one you paid for. This is the reactive part of your data protection plan.

2. Turn on your Windows Firewall and keep it on.

It may be old-school, but it still works. A firewall is a good security measure to have in place. Of course, you can choose other firewall solutions as well. Most paid antivirus suites also include a dedicated firewall, so check for that before purchasing a separate firewall solution.

3. Get proactive against ransomware attacks.

Think ahead and protect before ransomware strikes. The best protection is always data backup!

The Best Protection is always Backup!

With nearly universal Internet connectivity these days, there’s no reason you shouldn’t have access to all your important documents not only via your PC, but also from your smartphone, your tablet, your laptop anywhere you may be!  The Union Built Cloud offers automatic backup of your data and a secure storage and syncing solution for security of your files and seamless access to Word docs, PDFs, spreadsheets, photos and any other digital assets.

If you don’t yet have a service for storing and syncing your data in the cloud, you need one.  With the growing threat of Cyber Terrorism the Union Built Cloud provides a secure backup solution for all your data keeping these sensitive files safe from Cyber Criminals; particularly Ransomware, a growing Cyber Threat.

In fact, Union Built PC has been the leader in secure cloud solutions for Union Members and Union Offices since before most started worrying about cyber threats and online privacy. And we intend to stay one step ahead of such threats long into the future.

Union Built Cloud Services… the Best Kind of Backup

  • Daily Automatic Data Backup and Status Reports
  • Protection from Ransomware, Malware and Viruses
  • Industry-Leading FailSafe Cloud Backup Protection
  • Reliability Monitoring by Union Built PC
  • Secure Hosting Platform
  • Unlimited Storage Customized to Your Needs
  • Guards your Union Office from Cyber Terrorism

Understanding ‘The Cloud’

The ‘cloud’ is a real buzzword, but what is it and how does it impact you and your Union Office?


Union Built Cloud services refer to storing your files somewhere other than your computer’s hard drive. Having data in the cloud also refers to the ability to access those files through the Internet. Your files are encrypted before making the journey over the Internet to the Union Built Cloud, and they remain encrypted while they live on the Union Built Cloud servers. The service doesn’t upload entire files every time they’re updated, just the changes, saving you connection bandwidth and storage space.


The Union Built Cloud is also an automatic backup solution for your data, keeping it safe and secure so that if your personal computing systems are ever attacked, Union Built PC can easily restore all of your files in their most current state.

CASE STUDY: How Union Built PC Resolved the Cyber Terrorism Strike Against JATC IBEW LU 351

On July 14, 2016 Union Built PC received an email from Lou Jiacopello, Training Director of JATC 351.  Lou reported that one of their workstations became infected with Ransomware.  We quickly took steps to eliminate this threat to no avail.  Union Built PC’s Director of Technical Support, Glenn Joseph, was quickly on hand to assess the problem.

Upon investigation, Glenn determined that the only backup of JATC 351’s data was 3 days old and that performing a complete restore would mean valuable data would most definitely be lost. We were forced to advise our client that the only solution to this problem was to pay the ransom. This did not sit well with us, and there was no guarantee that after paying the ransom all the data would be restored. Payment was requested and made via bitcoin, and it wasn’t cheap. This was, however, the only viable option.

The ransomware attacked their data files and encrypted them, denying the Union Office access. After Union Built PC paid the ransom to obtain a key code that would decrypt the files, we were able to regain access and restore all files since their last backup 3 days prior.

The job did not end here! Union Built PC provided JATC 351 with our secure Union Built Cloud Storage Solution, which backs up all data on a daily basis. The Service also provides client reports on the status of daily backups. These reports are sent to Union Built PC and analyzed, so that we can monitor the safety of your data each day.

Union Built PC has now ensured that JATC 351 has a fully secure and reliable data backup plan.

JATC IBEW 351 Training Center Sign

RELATED: Read the JATC 351 Ransomware Union Built Cloud Service Case Study

Extortion on a Global Scale

Ransomware brought extortion to a global scale, and it’s up to all of us, users, business-owners and decision-makers, to disrupt it.

We now know that:

  • creating malware or ransomware threats is now a business and it should be treated as such;
  • the “lonely hacker in the basement” stereotype died a long time ago;
  • the present threat landscape is dominated by well-defined and well-funded groups that employ advanced technical tools and social engineering skills to access computer systems and networks;
  • even more, cyber criminal groups are hired by large states to target not only financial objectives, but political and strategic interests.

We also know that we’re not powerless and there’s a handful of simple things we can do to avoid ransomware. Cyber criminals have as much impact over your data and your security as you give them.

Stay safe and don’t forget the best protection is always a backup!

Download the Union Built Cloud Brochure and learn more about the cloud and how it’s now integral to everything you do.  And give us a call at (877) 728-6466 or contact us online to talk more about how we can keep your data safe and secure.


CWA Union Preparing for A Strike; Will AT&T Learn from Verizon’s Mistake?

Amid inconclusive discussions between CWA and AT&T’s internet division, the union hinted at a strike call in the near future

The Communications Workers of America (CWA) recently announced that its members have given the go-ahead to call a strike if a fair contract is not reached with the internet division of AT&T Inc. Negotiations are underway over renewed contracts for 2,000 internet services members who work in customer support departments, in call centers, and as technicians.

The workers’ previous contract expired on July 23, 2016. Since then, the two parties have been at the bargaining table. In its recent statement, the union claimed that bargaining is getting tougher, as management is not cooperating on workers’ key issues, which include wage and benefit increases.


This news has made AT&T investors anxious, because CWA and the International Brotherhood of Electrical Workers (IBEW) together called the same kind of strike against Verizon Communications Inc. earlier this year, which stretched up to 45 days. That strike not only brought more than 40,000 workers and their relatives onto the streets nationwide, but also inflicted heavy losses on Verizon’s financial books. The extent of the strike pushed the Obama-led government to intervene and resolve the outstanding issue. That step further strengthened the union, and it is now ready to strike at will, anywhere and at any time.

CWA Agreement with AT&T Mobility Division

Even though the company’s Internet division has not reached any definite conclusion for 2,000 members, last week its mobility division entered into a tentative agreement with CWA for 42,000 nationwide workers. The proposed tentative agreement covered healthcare and other benefits.

This contract has been forwarded to union members for ratification, and the result is pending. Notably, last month the members voted down the contract agreed between management and the union, after which the two parties returned to the table to come up with this revised contract.

Stay Abreast of the News

To follow the status of the potential CWA strike against AT&T visit CWA News Page or Like us on Facebook and subscribe to the Union Built PC monthly eNewsletter for the latest news.

When Donald Trump Had a Choice, He Chose Nonunion Labor for His Construction Projects

Donald Trump has admitted before that when he has a choice between union and nonunion labor for his construction projects, Trump chooses nonunion labor. Just how often was that? A new report from the International Brotherhood of Electrical Workers (IBEW) reveals some figures about his dealings with IBEW contractors.

From the IBEW investigation:

A review of Trump’s projects reveals that he hires union when project labor agreements or dominant market share forces him to. But more than 60% of his projects developed outside New York City and Atlantic City – which includes most of his recent projects – were built nonunion. When you exclude developments with project labor agreements, that number jumps to nearly 80% built nonunion.

Except for his own house.


Trump has developed or licensed his name to eight projects in Florida, for example. The only one using IBEW workers is his palatial home and private club in Palm Beach. “For everything he sold to other people, he went nonunion. But for his house, he went with us,” said IBEW Local 728 Business Manager Dan Svetlick. Svetlick says it’s something he’s seen with other billionaires like Trump. When it comes to their own homes or the homes of their family members, “They want that to last,” he said.

Here are 10 other key facts from the IBEW report:

1. According to analysis of lawsuits filed against him and his companies, when union contractors were hired, Trump developed a reputation for stiffing some, delaying payment to others and shorting workers on overtime and even minimum wage.

2. USA Today found 60 lawsuits against Trump for not paying his bills on time, including by a dishwasher in Florida, a New Jersey glass company, a carpet supplier, plumber, painters, 48 waiters, dozens of bartenders and a real estate broker.

3. Trump has been cited for 24 violations of the Fair Labor Standards Act.

4. Trump-associated properties and companies have filed for bankruptcy often: Trump Taj Mahal (1991), Trump Plaza and Trump Marina (1993), Trump World’s Fair and Casino (1999), Trump Hotels & Casino Resorts (2004) and Trump Entertainment Resorts (2009). In each of the bankruptcies, unpaid contractors were sent to the back of the line for repayment and often received only pennies on the dollar for what they were owed.

5. Lawyers who represented Trump in lawsuits for non-payment sued Trump for not paying them.

6. Since 1980, more than 200 mechanic’s liens have been filed against Trump properties for nonpayment.

7. According to former Trump Plaza President Jack O’Connell, Trump would negotiate the best price he could, but when it came time to pay the bills, Trump would say: “I’m going to pay you, but I’m going to pay you 75% of what we agreed to.” It was known as the “Trump discount,” according to The Wall Street Journal.

8. Trump continues to stonewall unionized casino and culinary employees looking for their first contract at the Trump International Hotel in Las Vegas.

9. Most of Trump’s recent projects have been in anti-union and “right to work” states. Where the law is different, his choices are different: “For every union-built development outside of New York and Atlantic City, Trump built nearly two nonunion, and if there is no PLA, Trump has hired union workers once for every four projects that go nonunion.”

10. Trump Tower, where he announced his presidential campaign, was built on a site cleared by undocumented immigrant laborers from Poland. A lawsuit was filed against Trump that dragged on for nearly two decades—he didn’t reach a settlement with the working people who did the job until 19 years later. The U.S. District Court for the Southern District of New York wrote: “No records were kept, no Social Security or other taxes were withheld, and they were not paid in accordance with wage laws. They were told they would be paid $4.00 or in some cases $5.00 an hour for working 12-hour shifts seven days a week. In fact, they were paid irregularly and incompletely, sometimes with [the subcontractor’s] personal checks, which were returned by the bank for insufficient funds.” Employees complained to the press of working in “choking clouds of asbestos dust without protective equipment.” The District Court concluded that Trump “knew the Polish workers were working ‘off the books,’ that they were doing demolition work, that they were nonunion, that they were paid substandard wages with no overtime pay and that they were paid irregularly if at all.”